Yale University Faces Additional Lawsuit after 2011 Breach

Yale University one of the most reputable law schools in the country, Yale faces a second lawsuit after the personal information of more than 100,000 students was stolen by the hacker in a data breach, according to the GazetteXtra.

From between the April 2008 and January 2009, electronic records which contains the social security numbers, date of births and both the email and home addresses of the students which were stored on the Yale University database.

A daily review to its servers have revealed that the malicious attackers has gained access to these confidential data of the Yale servers and obtained thousands of students details, which includes the defendant Andrew Mason.

As you see that the attack took place a decade ago, so Yale University reportedly said that it would not conduct an investigation. Mason’s lawsuit claims that Yale “improperly retained personal information, which was subsequently transferred to unauthorized persons during the breach, as an evidenced by its statements that the person identification information compromised in the breach was deleted from servers in September 2011 because it was unnecessary personal data.”

The industry experts who believed that more lawsuits is going to be coming, not just for the Yale University but for any of the organization that has mishandled the personal information it collects. “It is just going to continue until the organizations realize that doing nothing is no longer acceptable and that security must be prioritized and taken seriously.” Said Joseph Carson, chief security scientist at Thycotic.

“What is clear is that this data breach is a result of poor security hygiene and poor data hygiene that resulted in thousands of victims. Offering 12 months of free identity protection services is not sufficient, as the students identities can be abused or stolen for many years after an incident has occurred. Therefore, the minimum protection should be for at least five years.”

“Other universities should consider this as a lesson and prioritize the cybersecurity immediately and ensure that they have done a data impact assessment and a risk-based assessment to determine show exposed they might be and what actions they must take,” said Carson

“The recent EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act are both taking personal identifiable information very seriously and any similar data breach that occurs moving forward could mean universities facing massive financial penalties of $20 billion or more.”